package com.forezp.conf;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**********************************************************************
 * &lt;p&gt;文件名：SecurityConfig.java &lt;/p&gt;
 * &lt;p&gt;文件描述：${DESCRIPTION}(以下代码来自于官方文档)
 * @project_name：chapter12-3
 * @author zengshunyao
 * @date 2019/2/19 14:10
 * @history
 * @department：政务事业部
 * Copyright ChengDu Funi Cloud Code Technology Development CO.,LTD 2014
 *                    All Rights Reserved.
 */
// tag::configuration-spring-security[]
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Page with login form is served as /login.html and does a POST on /login
        // 登录页面，登录请求url
        http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
        // The UI does a POST on /logout on logout
        // 登出url
        http.logout().logoutUrl("/logout");
        // The ui currently doesn't support csrf
        // 关闭csrf
        http.csrf().disable();

        // Requests for the login page and the static assets are allowed
        // 模糊匹配  需要放开拦截的资源
        http.authorizeRequests()
                .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**")
                .permitAll();
        // ... and any other request needs to be authorized
        // 拦截需要授权的url
        http.authorizeRequests().antMatchers("/**").authenticated();

        // Enable so that the clients can authenticate via HTTP basic for registering
        // 启用，以便客户端可以通过HTTP basic进行身份验证以进行注册
        http.httpBasic();
    }
}
// end::configuration-spring-security[]
